A new Android malware named Android.Bmaster was detected by researcher Xuxian Jiang at North Carolina State University. The malware was discovered on a third-party marketplace (not the Android Market) and is bundled with a legitimate application for configuring phone settings. Symantec researcher Cathal Mullaney wrote about it on the Symantec blog.
This malware is estimated to affect between 10,000 and 30,000 phones on any given day. The botnet, which mostly targets mobile users in China, works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread. RootSmart is designed to escape detection by being named "com.google.android.smart," which is the same name as a settings app included by default with Android operating systems.
Once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated. The malware posts some user and phone-specific data to the remote address and attempts to download and run an APK file from the server. The downloaded file is the second stage in the malware and is a Remote Administration Tool (RAT) for Android, detected as Android.Bmaster. This type of malware is used to remotely control a device by issuing commands from a remote server.
The following data is transmitted by the malware:
- IMEI number
- IMSI number
- Cell ID
- Location Area Code
- Mobile Network Code
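The two-stage behaviour described above (device identifiers posted to a server, then an APK fetched from it) can be hunted for in web-proxy logs. The sketch below is an added example, not code from Symantec or the original post. The log format, host names, field names and 300-second window are constructed assumptions, and it presumes the proxy can see the request bodies.

```python
import re
from urllib.parse import urlparse, parse_qsl

# Constructed proxy log lines: epoch, client, method, URL, request body ("-" if none).
SAMPLE_LOG = """\
1000 10.0.0.5 POST http://c2.example.invalid/reg imei=490154203237518&imsi=460001234567890&cid=20993&lac=9365&mnc=00
1030 10.0.0.5 GET http://c2.example.invalid/files/update.apk -
1100 10.0.0.7 POST http://shop.example.invalid/login user=alice&pin=1234
1200 10.0.0.7 GET http://store.example.invalid/app.apk -
1300 10.0.0.9 POST http://ads.example.invalid/t id=123456789012345&x=460001234567891
"""

def luhn_ok(digits):
    # IMEIs carry a Luhn check digit, which filters out most random 15-digit values.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_identity_beacon(body):
    # Match on value shapes, not parameter names (the real names are not known here).
    values = [v for _, v in parse_qsl(body)]
    fifteen = [v for v in values if re.fullmatch(r"\d{15}", v)]   # IMEI / IMSI candidates
    small = [v for v in values if re.fullmatch(r"\d{1,8}", v)]    # cell ID, LAC, MNC candidates
    return any(luhn_ok(v) for v in fifteen) and len(fifteen) >= 2 and len(small) >= 2

def find_staged_infections(log_text, window=300):
    # Flag clients that post device identifiers and then pull an APK from the same host.
    beacons = {}  # (client, host) -> epoch of the last identity beacon
    hits = []
    for line in log_text.splitlines():
        ts, client, method, url, body = line.split(" ", 4)
        u = urlparse(url)
        key = (client, u.hostname)
        if method == "POST" and is_identity_beacon(body):
            beacons[key] = int(ts)
        elif method == "GET" and u.path.lower().endswith(".apk"):
            seen = beacons.get(key)
            if seen is not None and 0 <= int(ts) - seen <= window:
                hits.append((client, u.hostname, u.path))
    return hits

if __name__ == "__main__":
    print(find_staged_infections(SAMPLE_LOG))
```

Matching on value shapes means a change of parameter names on the server side does not break the rule, while the same-host APK correlation keeps ordinary app downloads from being flagged.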
Hv gr8 day!